1 | \ ========== Copyright Header Begin ========================================== |
2 | \ | |
3 | \ Hypervisor Software File: security.fth | |
4 | \ | |
5 | \ Copyright (c) 2006 Sun Microsystems, Inc. All Rights Reserved. | |
6 | \ | |
7 | \ - Do no alter or remove copyright notices | |
8 | \ | |
9 | \ - Redistribution and use of this software in source and binary forms, with | |
10 | \ or without modification, are permitted provided that the following | |
11 | \ conditions are met: | |
12 | \ | |
13 | \ - Redistribution of source code must retain the above copyright notice, | |
14 | \ this list of conditions and the following disclaimer. | |
15 | \ | |
16 | \ - Redistribution in binary form must reproduce the above copyright notice, | |
17 | \ this list of conditions and the following disclaimer in the | |
18 | \ documentation and/or other materials provided with the distribution. | |
19 | \ | |
20 | \ Neither the name of Sun Microsystems, Inc. or the names of contributors | |
21 | \ may be used to endorse or promote products derived from this software | |
22 | \ without specific prior written permission. | |
23 | \ | |
24 | \ This software is provided "AS IS," without a warranty of any kind. | |
25 | \ ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, | |
26 | \ INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A | |
27 | \ PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN | |
28 | \ MICROSYSTEMS, INC. ("SUN") AND ITS LICENSORS SHALL NOT BE LIABLE FOR | |
29 | \ ANY DAMAGES SUFFERED BY LICENSEE AS A RESULT OF USING, MODIFYING OR | |
30 | \ DISTRIBUTING THIS SOFTWARE OR ITS DERIVATIVES. IN NO EVENT WILL SUN | |
31 | \ OR ITS LICENSORS BE LIABLE FOR ANY LOST REVENUE, PROFIT OR DATA, OR | |
32 | \ FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE | |
33 | \ DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY, | |
34 | \ ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE, EVEN IF | |
35 | \ SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. | |
36 | \ | |
37 | \ You acknowledge that this software is not designed, licensed or | |
38 | \ intended for use in the design, construction, operation or maintenance of | |
39 | \ any nuclear facility. | |
40 | \ | |
41 | \ ========== Copyright Header End ============================================ | |
42 | id: @(#)security.fth 1.13 01/04/06 | |
43 | purpose: Implements Open Boot security feature (passwords) | |
44 | copyright: Copyright 1990-2001 Sun Microsystems, Inc. All Rights Reserved | |
45 | ||
46 | \ The security variables are placed at a fixed location to | |
47 | \ prevent them from being changed when a new PROM is released. | |
48 | \ An area near the start of EEPROM is reserved for them. | |
49 | ||
unexported-words
\ A character is a legal password character when it lies between bl (space)
\ and h# 7e ('~'), i.e. printable 7-bit ASCII.  Control characters, including
\ backspace and delete (h# 7f), and all bytes above h# 7e are rejected.
\ Used both when a password is typed (get-password) and when the stored
\ password is validated (security-on?).
: legal-passwd-char? ( char -- flag ) bl h# 7e between ;
52 | ||
\ Two 8-byte scratch buffers for typed passwords.  The size matches the
\ 8-character limit enforced in get-password.
\ NOTE(review): nothing in this file clears these buffers after use, so the
\ most recently typed password stays in them until the next call overwrites it.
8 buffer: pwbuf0
8 buffer: pwbuf1

\ Read a password from the console into the buffer at adr.
\ Keys are read until a linefeed or carriage return arrives.  A key is stored
\ only if it passes legal-passwd-char? and fewer than 8 characters have been
\ stored so far; any other key is discarded and answered with a beep.
\ This word never emits the typed characters.  Because backspace is not a
\ legal password character, a mistyped entry cannot be edited, only
\ terminated and retried.
\ Returns the buffer address and the number of characters stored (0..8).
: get-password ( adr -- adr len )
   0 begin                                        ( adr len )
      key dup linefeed <> over carret <> and
   while                                          ( adr len char )
      \ Accept the key only if it is legal AND the buffer still has room.
      2dup legal-passwd-char? swap 8 < and if     ( adr len char )
         >r 2dup + r> swap c!                     ( adr len )
         1+                                       ( adr len )
      else                                        ( adr len char )
         drop beep                                ( adr len )
      then                                        ( adr len )
   repeat                                         ( adr len char )
   \ Discard the terminating linefeed or carriage return.
   drop cr
;
68 | ||
exported-headerless
\ used by the keyboard support package
\
\ Reports whether firmware password protection is in effect.  The result is
\ true only when all of the following hold:
\   - security-mode is 1 or 2,
\   - security-password is non-empty,
\   - every byte of security-password passes legal-passwd-char?.
\ NOTE(review): this check fails open.  An empty stored password, or one
\ containing a byte outside bl..h# 7e (for example after NVRAM corruption or
\ an out-of-band write), yields false, and (?secure) then selects unsecure.
\ Presumably this is deliberate, so that an untypeable password cannot lock
\ the console; confirm.  It means write access to the security variables
\ must be controlled as tightly as the password itself.
: security-on? ( -- flag ) \ flag true if command or full security
   security-mode 1 2 between                      ( on? )
   security-password dup 0<> -rot                 ( on? ok? adr len )
   bounds ?do i c@ legal-passwd-char? and loop    ( on? ok? )
   and                                            ( flag )
;
77 | ||
\ the bootparam package requires this.
\
\ Ask for the firmware password when security is enabled.
\ Returns true without prompting when security-on? is false, and true when
\ the typed string equals security-password (compare returns 0).
\ On a mismatch it prints the delay message, increments security-#badlogins,
\ waits, and returns false.
\ NOTE(review): the typed text is compared directly with security-password,
\ so the stored value is the password itself rather than a hash of it.
\ Anything that can read that variable learns the password.
\ NOTE(review): the only throttling here is the fixed wait per failure.
\ security-#badlogins is incremented but not consulted in this word, so there
\ is no lockout or growing delay.  The counter is useful for audit only if
\ something else reports it.
: password-okay? ( -- good-pw? )
   security-on? if
      ??cr ." Firmware Password: "
      pwbuf0 get-password security-password       ( adr,len1 adr,len2 )
      compare 0= if true exit then                ( )
      ." Sorry. Waiting 10 seconds." cr
      security-#badlogins 1+ to security-#badlogins
      \ presumably d# 10.000 reads as 10000 (ms), matching the message above,
      \ and lock[ ... ]unlock keeps the wait from being interrupted; confirm
      lock[ d# 10.000 ms ]unlock
      false exit
   then true
;
91 | ||
exported-headers
\ Required to make sure users know that set-defaults doesn't change
\ security settings.
\
\ Wraps the existing set-defaults: when security is on it first prints a
\ notice, then calls the previous definition unchanged.  The wrapper itself
\ does not touch security-mode or security-password.
overload: set-defaults ( -- )
   security-on? if
      ." Note: set-defaults does not change the security fields." cr
   then
   set-defaults
;
101 | ||
\ Interactively set a new firmware password.
\ Prompts twice (into pwbuf0 and pwbuf1).  If the two entries are equal, the
\ second entry is passed through encode for the security-password variable
\ and, when encode does not report an error, stored with set.  Otherwise a
\ message is printed and the stored password is left unchanged.
\ NOTE(review): this word does not ask for the current password.  Whatever
\ protection exists comes from the command being gated by ?permitted while
\ security is on.
\ NOTE(review): pressing return at both prompts produces a matching empty
\ string.  If encode/set accept it, security-on? will then report false
\ because it requires a non-empty password; confirm whether that is
\ intended as the way to clear the password.
: password ( -- )
   ." New password (8 characters max) " pwbuf0 get-password  ( adr len )

   ." Retype new password: " pwbuf1 get-password  ( adr len adr len )

   \ Compare the retyped entry with the first one; both pairs are consumed
   \ by $= and the first pair is restored by 2over beforehand.
   2over $= if                                    ( adr len )
      ['] security-password                       ( adr len apf )
      3dup encode                    ( adr len apf true|adr len false )
      if
         3drop                                    ( )
         ." Invalid string - password unchanged" cr
      else
         \ Discard encode's result; set receives the original adr len apf.
         2drop set                                ( )
      then
   else
      2drop                                       ( )
      ." Mismatch - password unchanged" cr
   then
;
121 | ||
unexported-words

\ Gate installed as ?permitted while the console is secured (see secure).
\ The string passes straight through, with no password prompt, when:
\   - source-id is non-zero (input is not coming from the interactive console),
\   - the string is exactly "go", or
\   - the string is exactly "boot".
\ Anything else requires password-okay? to return true; on failure the
\ command is abandoned through abort" with a one-space message.
\ NOTE(review): the exemption is an exact match on adr len.  Whether adr len
\ is a single word or a whole command line is not visible here; confirm that
\ "boot" followed by arguments is checked elsewhere (the comment above
\ password-okay? suggests the bootparam package does this).
\ NOTE(review): because non-interactive sources are exempt, anything able to
\ feed text to the interpreter with a non-zero source-id bypasses this gate.
: (?permitted) ( adr len -- adr len )
   source-id if exit then \ Apply security only to interaction
   2dup " go" $= if exit then
   2dup " boot" $= if exit then
   password-okay? 0= abort" "
;
130 | ||
unexported-words
\ One-shot prompt for the unsecured console: prints help-msg, installs
\ (prompt) as the prompt action for later prompts, then prompts now.
: first-prompt ( -- ) help-msg ['] (prompt) is prompt do-prompt ;

\ Help line for the secured console.  It names the two commands that
\ (?permitted) allows without a password (boot, go) and login.
: secure-help-msg ( -- )
   ??cr ." Type boot , go (continue), or login (command mode)" cr
;

\ Prompt shown while the console is secured.
: secure-prompt ( -- ) ??cr ." > " ;

\ One-shot prompt for the secured console: prints secure-help-msg, installs
\ secure-prompt for later prompts, then prompts now.
: first-secure-prompt ( -- )
   secure-help-msg ['] secure-prompt is prompt do-prompt
;
143 | ||
\ Put the console into secured mode:
\   - the next prompt is first-secure-prompt (help line, then "> "),
\   - ?permitted is bound to (?permitted), so commands are password-gated,
\   - deny-history? (in the hidden vocabulary) is set true.
\ presumably deny-history? stops command-line history recall while secured,
\ so earlier input cannot be replayed or read back; confirm.
: secure ( -- )
   ['] first-secure-prompt is prompt
   ['] (?permitted) is ?permitted
   [ also hidden ] true is deny-history? [ previous ]
;
149 | ||
\ Take the console out of secured mode:
\   - unless the prompt action is already (prompt), install first-prompt,
\   - ?permitted is bound to noop, so no command is password-gated,
\   - deny-history? (in the hidden vocabulary) is set false.
\ NOTE(review): this word performs no password check of its own.  While the
\ console is secured, the check happens because the command that reaches it
\ must first pass (?permitted).  Any caller that invokes it directly drops
\ the gate unconditionally.
: unsecure ( -- )
   ['] prompt behavior ['] (prompt) <> if
      ['] first-prompt is prompt
   then
   ['] noop is ?permitted
   [ also hidden ] false is deny-history? [ previous ]
;
157 | ||
exported-headerless

\ Apply the configured security state: secure when security-on? is true,
\ unsecure otherwise.
: (?secure) ( -- ) security-on? if secure else unsecure then ;

\ Install (?secure) as the action of ?secure.
' (?secure) to ?secure

exported-headers

\ login is simply unsecure: it has no check of its own, so the password
\ prompt a user sees comes from (?permitted) gating the command.
\ logout re-runs ?secure, so it re-secures the console only when
\ security-on? is true.  With security off (or the stored password empty
\ or invalid) logout leaves the console unsecured.
alias login unsecure
alias logout ?secure

unexported-words